package com.echo;

import java.io.IOException;
import java.security.Permission;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

import com.Util.GeneralThreadPool;



/**
 * 安全管理器
 * @author dexc
 */
public class LanSecurityManager extends SecurityManager {

	private class RemoveTmpIp implements Runnable {

		@Override
		public void run() {
			try {
				while (true) {
					Thread.sleep(1000);
					if (!BANIPPACK.isEmpty()) {
						Set<String>set = BANIPPACK.keySet();
						Iterator<String>ite = set.iterator();
						while(ite.hasNext()){
							final String key = ite.next();
							Integer time = BANIPPACK.get(key);
							if(time !=null){
								time -= 1;
								if (time <= 0) {
									ite.remove();
								} else {
									BANIPPACK.put(key, time);
								}
							}
						}
					}
				}

			} catch (final Exception e) {
				_log.log(Level.SEVERE,e.getLocalizedMessage(), e);
			}
		}
	}
	private static final Logger _log = Logger.getLogger(LanSecurityManager.class.getName());

	/**IP封包驗證策略*/
	public static final Map<String, Integer> BANIPPACK = new HashMap<String, Integer>();


	/**禁止連線IP位置*/
	public static final ArrayList<String> BANIPMAP = new ArrayList<String>();

	/**禁止連線NAME位置*/
	public static final Map<String, Integer> BANNAMEMAP = new HashMap<String, Integer>();

	/**
	 * 如果不允許調用線程從指定的主機和埠號接受套接字連接，則拋出 SecurityException。
	 */
	@Override
	public void checkAccept(final String host, final int port) {
		//		if (ConfigIpCheck.IPCHECKPACK) {
		// 禁止IP
		/*if (BANIPMAP.containsKey(host)) {
				throw new SecurityException();
			}*/
		// IP封包驗證策略
			if (BANIPPACK.containsKey(host)) {
				throw new SecurityException();
			}
//		// 禁止IP
//		if(IpTable.getInstance().isBannedIp(host)){
//			throw new SecurityException();
//		}
		// 禁止IP
		if (BANIPMAP.contains(host)) {
			throw new SecurityException();
		}

		/*} else {
			// 禁止IP
			if (BANIPMAP.containsKey(host)) {
				throw new SecurityException();
			}
//			// 1個IP僅允許一個連線
//			if (ONEIPMAP.containsKey(host)) {
//				throw new SecurityException();
//			}
			// 1個IP只定時間內僅允許連限一個(毫秒) 0:不啟用
			if (ONETIMEMILLISMAP.containsKey(host)) {
				throw new SecurityException();
			}

//			if (ConfigIpCheck.ONETIMEMILLIS != 0) {
				ONETIMEMILLISMAP.put(host, System.currentTimeMillis());
//		}

			if (ConfigIpCheck.IPCHECK) {// DaiEn 2012-04-25
				if (!IpAttackCheck.get().check(host)) {
					throw new SecurityException();
				}
			}
		}*/
	}

	/**
	 * 如果不允許調用線程修改 thread 參數，則拋出 SecurityException
	 */
	@Override
	public void checkAccess(final Thread t) {
		// TODO Auto-generated constructor stub
	}

	/**
	 * 如果基於當前有效的安全策略，不允許執行根據給定許可權所指定的請求訪問，則拋出 SecurityException。
	 */
	@Override
	public void checkPermission(final Permission perm) {
		// TODO Auto-generated constructor stub
	}
	public void stsrt_cmd_tmp() throws IOException {
		final RemoveTmpIp removeIp = new RemoveTmpIp();
		GeneralThreadPool.getInstance().execute(removeIp);
	}
}
